1. Field of Invention
The present invention relates generally to a software-based system and method for reducing unlicensed software duplication. In particular, it relates to a method for restricting hard-drive installation of software to authorized purchasers, and for reducing unauthorized redistribution of software.
2. Brief Description of the Prior Art
Over the past twenty years the number of persons owning or utilizing a computer on a daily basis has grown tremendously. Along with the proliferation and popularity of computer systems has come a immense array of computer programs for specialized applications such as spread sheets, mathematical modeling, desk top publishing and computer games. Such computer programs usually are provided as machine-readable information recorded on a magnetic storage medium such as a diskette or floppy disk. Many of these computer programs require many of thousands of hours for their development, and thus significant monetary outlays by their developers. Such large development costs must be recouped by sales of the product, product which may face considerable competition in the market place at its launch.
Unfortunately, the ethical software industry is plagued not only by fierce competition within its own ranks, but also by unsavory predatory practices from without. Among the most threatening of these practices is that of software piracy. Software piracy involves the unauthorized copying of computer software. Unauthorized copies cost the software industry hundreds-of-millions of dollars in licensing fees each year. Since the pirate has no development costs, and typically substantially less overhead than the ethical software developer, pirated software more often than not sells at prices considerably below that of the manufacturer. Because of the often large discrepancy between the price of unauthorized and authorized computer software, there is a substantial and continuing black market in illegally-copied software.
Duplication of computer software, particularly software distributed on magnetic media, is typically quite easy. In the absence of some form of protection, a software package from an authorized dealer may be copied numerous times on a single piece of hardware. While, in theory, copyright laws protect software developers from unauthorized duplication of their wares, it is often difficult, impractical, and costly, for developers to assert their copyrights against a small company or an individual who makes only a few copies. The employment of license agreements suffers from similar difficulties. In many instances, it is not possible for the software developer to discern the identity of an unauthorized user of its software. For example, it is not uncommon for several individuals to combine their resources to purchase one software program and then make a number of copies for separate use of the software by each of them on their own personal computers. When the consumer is faced with a low risk of being detected and prosecuted for illicitly copying software, the dis-incentive in passing along "hot copies" to friends and acquaintances is greatly reduced.
Various technology-based solutions have been proposed to minimize the problem of software piracy. In general, these "copy protection" technologies can be broadly characterized as involving four basic strategies: "access limitation," "copy detection," "duplication limitation" and "copy inactivation."
"Access limitation" techniques prohibit access to programs installed on a computer's hard drive, also referred to as the "fixed drive" or "Winchester drive," such that data contained in the program, and the program itself, can not be copied without the tacit approval of the authorized licensee. Such "access-limiting" techniques include hardware locks such as the mechanical key and lock system of stand-alone computers which require that the lock be in the "on" position to enable the stand alone system to operate. It also includes systems that require for operation the interface of an electronic key with the computing system as through the serial ports of the computer, as disclosed, for example, in U.S. Pat. No. 5,343,524, or to be interfaced through the keyboard, as disclosed, for example, in U.S. Pat. No. 5,402,492.
Access-limitation techniques may permit access to the operating system and other programs on a hard-drive but limit utilization of a particular program stored on the hard drive. For example, hardware keys which contain code that matches the serial number for a particular software may be employed. In such an approach, "protected" programs stored on a hard-drive cannot be run unless the matching hardware key is inserted into a port on the computer. On the other hand, "non-protected" programs may be freely utilized. Similarly, certain access-limiting programs require "software keys" to be inserted into the disk drive in order for a "protected" program on the hard-drive to be utilized.
Another commonly-used "access limitation" scheme employs the use of an authorization code, such as a password, key number etc., which must be obtained from the software supplier and entered when using the software. If the password or code is not entered, the program is designed to terminate.
The problem with all access-limiting techniques is that such techniques only prohibit illicit duplication if the licensee of the product vigilantly protects access to the program. This is often not the case. For example, a hardware or software key can be shared with others permitting them to run the "protected" program on their own computers. Likewise, a code or password easily can be supplied to a person who is unauthorized to use a particular piece of software.
Another type of technique used to dissuade unauthorized coping is "copy detection." "Copy detection" techniques have as their primary goal the identification of illicit copies, that is, such techniques seek to distinguish illicit copies from the authorized original. One "copy detection" scheme involves the destruction, often by laser, of a particular sector on an the authorized disk during manufacture. In such a scheme, the authorized disk remains operable as upon invocation the sector is verified as unwritable and execution is continued. A copy of such disk, however, easily can be distinguished from the authorized disk since it lacks the obliterated sector.
One of the most widely employed "copy detection" schemes involves the practice of placing serial numbers in authorized software. Such practice permits tracing of unauthorized copies to the person to whom the authorized software was originally sold. Another approach is to require the authorized user, upon the first start-up of the software, to input the user's name which is stored in the software's code such that the user's name will appear on every subsequent initialization screen. These practices are intended to discourage licensed users from allowing their software to be reproduced, knowing that they readily could be identified from the unauthorized copy.
"Copy detection" systems alone do little to dissuade unauthorized copying as the software producer is unlikely to known when the software is illegally copied. External enforcement must be employed to track down and determine who is in possession of an illicit copy. Further, programs exist which permit serial numbers and names located in application programs to be located and erased. In an attempt to foil erasure of such information, one "copy detection" technique scatters the serial numbers and names in different sectors of the program storage disk, and hides the identifying information in the format. Because of the scattered program, the entire disk must be copied to ensure that all portions of the program are copied and in the process the identifying information is also copied. Such an approach while making it more difficult to erase identifying information, does not overcome the need for external enforcement to prevent further illicit copying.
Another technique used to dissuade unauthorized copying is "duplication limitation." "Duplication limitation" techniques include numerous approaches aimed at restricting the number of copies which can be made from a single software package.
"Duplication limitation" may be undertaken by placing restrictions within the computer program which either completely preclude copying or permit only a limited number of copies to be made. Such approach may employ a counter, located in the software, which allows a predetermined number of startings of a host program before destroying the program. For example, software packages have been designed such that, after one copy has been made, certain key features, or modules, of the package are obliterated to the extent that further copying is inhibited.
Another "duplication limitation" technique takes advantage of the hardware timer. "Date-dependent" programs are designed to match their ending calendar date with that of the hardware timer and to cess function if the ending calendar date has expired.
A relatively sophisticated "duplication limitation" scheme which has been employed in the art involves the use of a so-called "parasite" instruction set. This technique requires that a "parasite" be introduced after each stopping of the software program. The "parasite" changes one byte in the program in a predetermined manner after each stop. The parasite introduction commands are located in form at which is normally not able to be copied. Generally, also specified in the format is a "parasite killer" which restores altered bytes to their original condition.
"Duplication limitation" approaches may be overcome by unconventional programs which reproduce virtually each and every bit that is recorded in the original software package. "Duplication limitation" approaches further suffer from the disadvantage that they do not allow, or severely limit, legitimate backup copies to be made for archives. Programs depending on the clock date can be easily overcome by advancing the ending calendar date in the programs or altering the date in the hardware timer. "Parasite" techniques can be overcome by replicating the "parasite killer" such that it can be used to restore parasites in the unauthorized copies.
Another technique designed to reduce piracy is "copy inactivation." "Copy inactivation" includes a host of approaches aimed at rendering illicit copies useless or less than useful.
One "copy inactivation" technique involves insertion into the software artifacts whose locations are randomly determined when the software is initially placed on magnetic medium, such as a diskette, and which can only be reproduced under the original copying conditions. When illegal copying is attempted, the artifacts are obliterated; their absence is detected by a process in the software which reacts by altering the software program such that the program becomes un-executable.
"Copy inactivation" also has been effectuated by providing the software package recorded on the original diskette a so-called "boot-strap" program which, when executed, indicates that no further data is recorded. Thus when the original disk is copied, the boot-strap program is copied also, but in accordance with typical copying routines, the computer system is deceived into recognizing that no other data is available to be copied, the copied program therefore becoming useless.
"Copy inactivation" schemes may also take into account certain unique physical characteristics of the original software disk. For example, the sectors of "original" software packages are normally in alignment. A characteristic of this alignment is generally not carried over when the disk is copied. Thus execution of a software program may be made dependent upon detecting the alignment-associated characteristic of the "original" software package.
As with "duplication limitation" techniques, "copy-inactivation" techniques typically do not permit back-up copies of a hard-drive to be made. Some "copy-inactivation" schemes further restrict use of the software to the medium upon which the software originally was provided. "Boot-strap" schemes may be overcome by recognizing and obliterating the "boot-strap" program before copying. Copy protection schemes that incorporate some characteristic in the purchased software package which can be detected by a standard disk drive, but which cannot be reproduced by the drive, have not been found to be very effective as the usual mechanical tolerances found in disk drives minimizes the efficacy of such schemes.
One disadvantage attendant to typical "access limitation," "copy detection," "duplication limitation" and "copy inactivation" schemes is that they do not provide a means for preventing an authorized software program from being used by another individual on a different computer. Several proposal have been made to rectify this deficit.
U.S. Pat. No. 4,688,169 to Joshi discloses a computer software security system for restricting execution of a computer program to a particular machine. Such system provides for storage of an unique machine identification code in the hardware, firmware memory circuit or in the operating system software designated for the machine. The system further provides for a storage area within the software program for incorporating the unique machine identification code. The program provides a means for retrieving and comparing the machine identification code in the program with the machine identification code in the hardware, firmware, operating system etc., thus limiting execution to only one computer system.
U.S. Pat. No. 4,866,769 to Karp discloses copy protection for software distributed on diskettes. A unique first identification is provided in the read-only-memory ("ROM") of a personal computer in which the software on the diskette is to be used. The personal computer identification is accessible to the user of the computer. The vendor who wishes to protect its software from illegal copying or use provides a source identification on the diskette. The personal computer identification is used with the source identification on the distributed diskette to produce an encoded check word, using encryption techniques. The check word is generated and written onto the distributed diskette during installation and copied onto all backup versions made by the user's personal computer. Prior to each use of the program, the software on the diskette uses the personal computer and the source identifications and check word to verify that the software is being used on the same personal computer on which it was installed.
A method and system for preventing unauthorized use of software is further disclosed in U.S. Pat. No. 5,113,518 to Durst et al. Such system takes advantage of certain characteristics which often differ between different computer systems, such as bus size (e.g., 8-bit versus 16-bit bus line), computer clock speed, cyclic redundancy of ROM, random-access-memory ("RAM") wait states, disk drive rotation speed, read/write head access speed, and hard disk interleave value. These characteristics are measured and the values of the characteristics stored in the application program which is desired to be protected. When the application program is sought to be executed, the program redetermines the characteristics of the computer system and compares them against the stored values in the program. If the compared values are substantially the same, the application program is allowed to be executed.
U.S. Pat. No. 5,199,066 to Logan discloses a method and system for protecting software which makes use of an unique activation code provided by the software manufacturer. Such method entails inputting a unique hardware identification code into the hardware and inputting a first software code into the software. A first predetermined operation is performed upon the hardware code and the first software code to produce a first intermediate code. A unique activation code for the particular embodiment of the software employed is inputted and a second predetermined operation is performed upon the first intermediate code and the activation code to produce a second intermediate code. The second intermediate code is compared with a second software code uniquely associated with the particular embodiment of the software and stored at a hidden location within the software. The software is enabled for use if the second intermediate code and the second software code are identical.
U.S. Pat. No. 5,276,738 to Hirsch makes use of a pseudo-random number generator, scrambler and alphanumeric encoder to limit use of an application program to one computer. The system is designed to provide key values associated with software packages that cannot be easily duplicated and which contain information useful in license verification. The system generates a user key from a "seed" input binary value which preferably contains the serial number of the hardware device. Since the user key is generated in a pseudo-random fashion from the "seed" number, the user key is unique to the particular hardware to which the program was installed. The protection mechanism includes a means for taking an input binary value and generating a unique key value, as well as performing the reverse operation of taking a key value and generating an input binary value. In a simple case, the only value that need be obscured or safeguarded from disclosure is the seed value which is an arbitrary value selectable upon a last minute notice for generating valid key values. The system is designed such that design documentation, in addition to source code related to its implementation, are not required to be hidden. That is, without knowing all of the values used to generate the key value, it is not possible to predict what changes have to be made in the key in order to produce another valid 32 bit input binary value.
Each of these "computer unit-restricted" systems also suffer from weaknesses. U.S. Pat. Nos. 4,688,169, 4,866,769 and 5,199,066 all specify a hardware identification code be placed in the ROM of the computer or in a hardware component of the computer, requiring some agreement with hardware manufacturers as to the provision of such code, and the method of providing such numbers. U.S. Pat. No. 5,276,738 requires that the machine be provided with a pseudo-random number generator and requires that the user keep a record of the key number in order to operate the program. U.S. Pat. No. 5,113,518, while inhibiting hard drive copying, does not prohibit the program from being installed onto several different computers by duplicating the original disk and then installing the program by means of each copy. Further the '518 patent contemplates that the software routine includes a set-up procedure to store in the software itself the signature of the computer system. (col.5, ln.44-46) Thus the hardware parameters necessary to run the program may be determined by examining the software.
Therefore, there is a need for a software security method which dissuades both illicit copying and installation of application programs, which restricts operation of the application program to a single computer and/or user, which does not require the user to remember a key number for its operation, which does not permit an unauthorized user from gaining access to the application program by learning a secret key number or code, which does not require agreement with hardware providers to install unique identification codes in each and every computer, that permits the making of back-up copies of the hard-drive of a computer on which the protected application program is installed, which does not require vigilant policing of access to the program by the licensee, and which does not require external enforcement to dissuade illicit copying.